This Quick Start builds a highly available, secure global transit network on the Amazon Web Services (AWS) Cloud in about 10 minutes. It deploys Aviatrix Controller and Aviatrix Gateways in a central virtual private cloud (VPC) on AWS to manage routing between remote networks (spoke VPCs) in a hub-and-spoke model.

You can add spoke VPCs to the network by tagging them in AWS. Aviatrix Global Transit Hub automatically establishes VPN connections between the spoke VPCs and the hub VPC by using AWS CloudFormation templates and AWS Lambda functions. The transit network supports multiple AWS accounts and can be extended to include shared services with direct peering, or to connect your cloud network to on-premises networks.

This deployment is automated by AWS CloudFormation templates and AWS Lambda functions. You can customize the templates to meet your specific requirements.

What you'll build

The Quick Start deploys Aviatrix Controller and two Aviatrix Gateway instances into public subnets in two Availability Zones of a dedicated VPC, which acts as the hub of your global transit network. The gateway instances allow for IPsec VPN termination, routing, and security policies. Aviatrix Controller provides a user-friendly interface for further customizing the transit VPC architecture, and also provides monitoring and cloud network visualization.

The Quick Start also automatically adds spoke VPCs in any AWS Region to your global transit network when you tag these VPCs. VPN connections are automatically established between the tagged spoke VPCs and the global transit hub VPC by using a combination of AWS CloudFormation templates and AWS Lambda functions.

The architecture includes the following components:

A Lambda function that automatically deploys and configures the Aviatrix Controller using API calls.

A Lambda function that polls for and detects VPC tags on spoke VPCs. The tag name can be the default name or a custom one you specify. If the spoke VPC's tag value is true, the spoke is connected to the Aviatrix Gateway in the transit hub VPC; if the tag value is false, the spoke is disconnected from the Aviatrix Gateway in the transit hub VPC.

An EC2 instance for Aviatrix Controller.

Two EC2 instances for Aviatrix Gateway in the transit hub VPC with gateway high availability.

An Aviatrix security group.

An AWS Identity and Access Management (IAM) role for the three Lambda functions (controller configurator, gateway configurator, poller).

An AWS Key Management Service (AWS KMS) encryption key to encrypt the environment variables of the Lambda functions.
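The tag-to-action decision made by the poller component above, written out as an added example (not code from the Quick Start or from Aviatrix). It assumes VPC records in the shape returned by boto3's describe_vpcs(), a placeholder default tag name, and that the actual connect/disconnect calls to the Controller are made elsewhere from the returned action list:

```python
# Added example, not Aviatrix's or AWS's code: the decision logic of a
# tag poller. Assumes VPC records shaped like boto3 describe_vpcs() output:
# {"VpcId": ..., "Tags": [{"Key": ..., "Value": ...}, ...]}.
from typing import Dict, Iterable, List, Optional, Set, Tuple

DEFAULT_TAG_NAME = "aviatrix-spoke"  # assumed; the page does not name the real default

def tag_value(vpc: Dict, tag_name: str) -> Optional[str]:
    """Value of tag_name on the VPC, or None if absent (tag keys are case-sensitive)."""
    for tag in vpc.get("Tags", []):
        if tag.get("Key") == tag_name:
            return tag.get("Value")
    return None

def classify_spokes(vpcs: Iterable[Dict], tag_name: str = DEFAULT_TAG_NAME) -> Dict[str, List[str]]:
    """Bucket VPCs as connect / disconnect / ignore from their tag value.
    Only "true" and "false" (case-insensitive, whitespace trimmed) act; any
    other value or a missing tag is ignored, so a typo never attaches a VPC."""
    buckets: Dict[str, List[str]] = {"connect": [], "disconnect": [], "ignore": []}
    for vpc in vpcs:
        value = tag_value(vpc, tag_name)
        norm = value.strip().lower() if isinstance(value, str) else None
        buckets[{"true": "connect", "false": "disconnect"}.get(norm, "ignore")].append(vpc["VpcId"])
    return buckets

def plan_actions(buckets: Dict[str, List[str]], attached: Set[str]) -> List[Tuple[str, str]]:
    """Idempotent actions against the hub's current state: connect only spokes
    not yet attached, disconnect only spokes that are, so repeated polls are no-ops."""
    actions = [("connect", v) for v in buckets["connect"] if v not in attached]
    actions += [("disconnect", v) for v in buckets["disconnect"] if v in attached]
    return actions

# Constructed sample input, not real AWS data.
SAMPLE_VPCS = [
    {"VpcId": "vpc-0a1", "Tags": [{"Key": "aviatrix-spoke", "Value": "true"}]},
    {"VpcId": "vpc-0b2", "Tags": [{"Key": "aviatrix-spoke", "Value": "False"}]},
    {"VpcId": "vpc-0c3", "Tags": [{"Key": "Name", "Value": "prod"}]},
    {"VpcId": "vpc-0d4", "Tags": [{"Key": "aviatrix-spoke", "Value": "yes"}]},
    {"VpcId": "vpc-0e5", "Tags": [{"Key": "transit-spoke", "Value": " TRUE "}]},
]

if __name__ == "__main__":
    buckets = classify_spokes(SAMPLE_VPCS)
    print(buckets)
    print(plan_actions(buckets, attached={"vpc-0a1", "vpc-0b2"}))
```

Because the tag is the control signal, any principal with ec2:CreateTags or ec2:DeleteTags on a spoke VPC can effectively attach it to or detach it from the transit hub, so scope those permissions as tightly as the VPN credentials themselves.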

Cost and licenses

You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using the Quick Start.

The AWS CloudFormation template for this Quick Start includes configuration parameters that you can customize. Some of these settings, such as instance type, will affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you will be using. Prices are subject to change.

You are also responsible for the Aviatrix license that is required to deploy the Aviatrix Global Transit Hub. This Quick Start requires a subscription to Aviatrix software in AWS Marketplace. You can choose from two licensing options: